General
Target: 778cc4190db9e43265449657a63638f798b5abd0b313e352612d3d53beb1e438
Size: 403KB
Sample: 240927-ky77bsvclp
MD5: bf79b53eeeecf5b81ccf98167ad94a75
SHA1: 12dba5935f7f538fc49c067150a896a90380b0f6
SHA256: 778cc4190db9e43265449657a63638f798b5abd0b313e352612d3d53beb1e438
SHA512: 19d420f8792b3782ea38b44329778cceeee8cf9777a3e0e762065f8a1243a8961e241adc8a6926592e95f0bf42ac92e7b575a4d34bddfce6344c421e9ff7c828
SSDEEP: 12288:36t83udUndCdsSvje1Lyu4h1oPk/KiGEO:w8+OnVLqoc/KZt
Static task: static1
Behavioral task: behavioral1
  Sample: 778cc4190db9e43265449657a63638f798b5abd0b313e352612d3d53beb1e438.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 778cc4190db9e43265449657a63638f798b5abd0b313e352612d3d53beb1e438.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: vidar
  11
  58cd250b15e666e5f72fcf5caa6cb131
  https://steamcommunity.com/profiles/76561199780418869
  https://t.me/ae5ed
  user_agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0
Targets
Target: 778cc4190db9e43265449657a63638f798b5abd0b313e352612d3d53beb1e438
Detect Vidar Stealer
Downloads MZ/PE file
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Defense Evasion
  Modify Registry: 1
  Subvert Trust Controls: 1
  Install Root Certificate: 1
Credential Access
  Credentials from Password Stores: 1
  Credentials from Web Browsers: 1
  Unsecured Credentials: 1
  Credentials In Files: 1